cse443-lecture-19-websecurity - Lecture 19 & 20 - Web...

CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

CMPSC 443 - Spring 2012
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse443-s12/
Network vs. Web Security

What is the web?
• A collection of application-layer services used to distribute content
  – Web content (HTML)
  – Multimedia
  – Email
  – Instant messaging
• Many applications
  – News outlets, entertainment, education, research and technology, …
  – Commercial, consumer and B2B
• The largest distributed system in existence
  – threats are as diverse as applications and users
  – But need to be thought out carefully …
Web Security: The High Bits
• The largest distributed system in the world
  – threats are as diverse as applications and users
  – so defenses need to be thought out carefully...
• The stakeholders include
  – Consumers (users, businesses, agents, etc)
  – Providers (web servers, IM servers, etc)
• Another way of seeing web security is
  – Securing the web infrastructure such that the integrity, confidentiality, and availability of content and user information is maintained

Secure Socket Layer (SSL/TLS)
• Used to authenticate servers
  – Uses certificates, “root” CAs
• Can authenticate clients
• Inclusive security protocol
• Security at the socket layer
  – Transport Layer Security (TLS)
  – Provides
    • authentication
    • confidentiality
    • integrity
[Diagram: protocol stack with layers HTTP, SSL, TCP, IP]
SSL Handshake
(1) Client Hello (algorithms, …)
(2) Server Hello (alg. selection, …)
(3) Server Certificate
(4) ClientKeyRequest
(5) ChangeCipherSuite
(6) ChangeCipherSuite
(7) Finished
(8) Finished
[Diagram: message sequence between Client and Server]
Simplified Protocol Detail

Participants: Alice/A (client) and Bob/B (server)
Crypto Elements: Random $R$, Certificate $C$, $k_i^+$ Public Key (of $i$)
Crypto Functions: Hash Function $H(x)$, Encryption $E(k,d)$, Decryption $D(k,d)$, Keyed MAC $HMAC(k,d)$

1. Alice → Bob: $R_A$
2. Bob → Alice: $R_B, C_B$
   Alice pick pre-master secret $S$
   Alice calculate master secret $K = H(S, R_A, R_B)$
3. Alice → Bob: $E(k_B^+, S)$, $HMAC(K, \text{'CLNT'} + [\#1, \#2])$
   Bob recover pre-master secret $S = D(k_B^-, E(k_B^+, S))$
   Bob calculate master secret $K = H(S, R_A, R_B)$
4. Bob → Alice: $HMAC(K, \text{'SRVR'} + [\#1, \#2])$

Note: Alice and Bob: IV Keys, Encryption Keys, and Integrity Keys
6 keys, where each key $k_i = g_i(K, R_A$
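
The four-message exchange above, as an added Python example (not from the lecture slides), showing how the two HMACs over [#1, #2] make both sides abort if message #1 is altered in transit. Assumptions: SHA-256 stands in for H and the HMAC hash, a toy textbook RSA key built from constructed primes stands in for E/D, the certificate is reduced to Bob's modulus, and the names `handshake` and `finished` are hypothetical.

```python
import hashlib, hmac, secrets

# Toy textbook RSA for Bob: constructed Mersenne primes, insecure, illustration only.
P, Q, E_PUB = 2**127 - 1, 2**89 - 1, 65537      # k_B^+ = (E_PUB, N)
N = P * Q
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))      # k_B^-

def H(*parts):
    """Master secret K = H(S, R_A, R_B); SHA-256 is an assumed choice of H."""
    return hashlib.sha256(b"".join(parts)).digest()

def finished(K, label, transcript):
    """HMAC(K, label + [#1, #2]) over the first two messages as this side saw them."""
    return hmac.new(K, label + b"".join(transcript), hashlib.sha256).digest()

def handshake(tamper=None):
    """Run steps 1-4; tamper(msg) models an in-path change to message #1."""
    # 1. Alice -> Bob: R_A
    R_A = secrets.token_bytes(16)
    msg1_sent = R_A
    msg1_recv = tamper(msg1_sent) if tamper else msg1_sent
    # 2. Bob -> Alice: R_B, C_B (certificate reduced to Bob's modulus here)
    R_B = secrets.token_bytes(16)
    msg2 = R_B + N.to_bytes(27, "big")
    # Alice picks pre-master secret S and computes K
    S = secrets.token_bytes(16)
    K_alice = H(S, R_A, R_B)
    # 3. Alice -> Bob: E(k_B^+, S), HMAC(K, 'CLNT' + [#1, #2])
    enc_S = pow(int.from_bytes(S, "big"), E_PUB, N)
    mac_clnt = finished(K_alice, b"CLNT", [msg1_sent, msg2])
    # Bob recovers S with k_B^- and computes K from the R_A he received
    S_bob = pow(enc_S, D_PRIV, N).to_bytes(16, "big")
    K_bob = H(S_bob, msg1_recv, R_B)
    if not hmac.compare_digest(mac_clnt, finished(K_bob, b"CLNT", [msg1_recv, msg2])):
        return False                              # Bob aborts: transcripts differ
    # 4. Bob -> Alice: HMAC(K, 'SRVR' + [#1, #2]); Alice checks it the same way
    mac_srvr = finished(K_bob, b"SRVR", [msg1_recv, msg2])
    return hmac.compare_digest(mac_srvr, finished(K_alice, b"SRVR", [msg1_sent, msg2]))

if __name__ == "__main__":
    print("clean run:", handshake())
    print("R_A altered in transit:", handshake(lambda m: bytes([m[0] ^ 1]) + m[1:]))
```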

This note was uploaded on 02/11/2012 for the course CSE 443 taught by Professor Trent Jaeger during the Spring '11 term at Pennsylvania State University, University Park.
